Motivations #1

Open
pfrazee opened this issue Sep 25, 2018 · 5 comments

@pfrazee

pfrazee commented Sep 25, 2018

Hi @jwerle 👋

I saw the invite for the project. What's the upside of a DID spec for Dat?

@jwerle
Contributor

jwerle commented Sep 26, 2018

hey @pfrazee !

The original idea for a did:dat method was to create cryptographic links between dats and other systems.

I'll try my best to make an example below.

Consider an open and decentralized video service that allows users to publish dats as video to the platform. The video service is open source and implements DID as its core identifier. Every user and every video is backed by some DID. The video service uses ed25519 key pairs for every DID it creates and uses the public key as an identifier. The video service's DID URIs are did:video:<identifier> where <identifier> is a 32 character long hex string representing the public key of that DID. The only difference from a did:dat URI would be the method name, video. The video service uses signatures [1] of signed Decentralized Identity Objects [2], or DDOs, to verify the integrity of the documents describing the identity.

Before publishing to the service, users will create video content that is written to a dat archive in some format the video service accepts. When the user publishes the dat, the video service will want to know that a user owns the dat they say they do through public key verification. To do this, the user signs a DDO for that dat with the dat secret key and the user's secret key that produce proof signatures [1] the video service can store in the DDO for verification. When publishing, the user on the video service that is backed by a DID modifies its DDO to include a public key [4] of the dat it just published and then re-signs its DDO. This allows the video service to tie ownership of the dat to a DID without needing the secret key of the dat.

  1. https://w3c-ccg.github.io/did-spec/#proof-optional
  2. https://w3c-ccg.github.io/did-spec/#did-documents
  3. https://w3c-ccg.github.io/did-spec/#binding-of-identity
  4. https://w3c-ccg.github.io/did-spec/#public-keys
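
The ownership check described in the comment above, sketched in Node.js as an added example; it is not code from either participant or from any did:dat implementation. The DDO field layout, the `canonical` serialization and the helper names (`didFor`, `keyFromDid`, `signDdo`, `validSigners`, `userOwnsDat`) are assumptions made for illustration.

```javascript
// Added illustration, not from the thread; DDO layout and canonical() are assumptions.
const crypto = require('node:crypto');

const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex'); // ed25519 SPKI header

// The DID identifier is the hex-encoded raw ed25519 public key.
const didFor = (method, publicKey) => `did:${method}:${publicKey
  .export({ type: 'spki', format: 'der' }).subarray(SPKI_PREFIX.length).toString('hex')}`;
const keyFromDid = (did) => crypto.createPublicKey({
  key: Buffer.concat([SPKI_PREFIX, Buffer.from(did.split(':')[2], 'hex')]),
  format: 'der', type: 'spki',
});

// Deterministic JSON (sorted keys) so signer and verifier hash identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return `[${v.map(canonical).join(',')}]`;
  if (v && typeof v === 'object') {
    return `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canonical(v[k])}`).join(',')}}`;
  }
  return JSON.stringify(v);
}

// Attach one proof per signer; each proof covers the document minus its proof field.
function signDdo(ddo, signers) {
  const { proof, ...body } = ddo;
  const bytes = Buffer.from(canonical(body));
  return { ...body, proof: signers.map(({ did, privateKey }) => ({
    creator: did, signatureValue: crypto.sign(null, bytes, privateKey).toString('hex'),
  })) };
}

// DIDs whose proofs verify against the key embedded in their own identifier.
function validSigners(ddo) {
  const { proof = [], ...body } = ddo;
  const bytes = Buffer.from(canonical(body));
  return proof.filter((p) => {
    try {
      return crypto.verify(null, bytes, keyFromDid(p.creator), Buffer.from(p.signatureValue, 'hex'));
    } catch { return false; } // malformed DID or key material: treat the proof as invalid
  }).map((p) => p.creator);
}

// Service-side check: dat DDO proven by both keys, user's re-signed DDO lists the dat key.
function userOwnsDat(userDdo, datDdo) {
  const datSigners = validSigners(datDdo);
  return datSigners.includes(datDdo.id) && datSigners.includes(userDdo.id)
    && validSigners(userDdo).includes(userDdo.id)
    && (userDdo.publicKey || []).some((k) => k.publicKeyHex === datDdo.id.split(':')[2]);
}
```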

@pfrazee
Author

pfrazee commented Sep 26, 2018

Dat already expresses key ownership by signing everything that's published, so why do we need an additional signature method?

@jwerle
Contributor

jwerle commented Sep 26, 2018

Dat doesn't need an additional signature method at all, nor am I advocating for it to be changed. A DID/DDO for a DAT would be a representation of its public key in DID JSON-LD. The benefit of the representation is the interoperability with other DIDs/DDOs.

@pfrazee
Author

pfrazee commented Sep 26, 2018

Okay, I'm sorry if I'm being a bit difficult, I just have been on the fence about the DID concept for a while. I'm not really sure why we need it, since Dat URLs are already a good common identifier scheme, and Dat already has the cryptographic verification built in.

@jwerle
Contributor

jwerle commented Sep 26, 2018

No need to be sorry! I think DAT links are wonderful and I wouldn't want them to change. I was on the fence about DID for a while, largely because of the perceived need for a DLT, which I do not believe is true anymore. DID and DDOs, sans ledger, work really well for just storing cryptographic properties securely, like a user owning several public keys to different DATs.
